Experts say Australia is at risk, as there aren't enough skilled people to fight cybercrime.

ABC

A global shortage of cyber security professionals is impacting Australia as government departments, corporations and businesses compete for talent, in response to an increasing number of attacks.

According to annual surveys by Telstra, almost 60 per cent of businesses experienced at least one disruptive security breach a month in 2016, compared to just 23.7 per cent the previous year.

The rising threat level has sparked a hiring frenzy with employers "gobbling up" IT students from around the country, often before they graduate.

"Google seems to make an offer to anyone who passes my advanced operating systems course," Gernot Heiser, a Scientia Professor at the computer science and engineering school at the University of New South Wales (UNSW), said.

"Sometimes you're sort of surprised how students who you don't think too much of get a well-paid job. They can spell security, maybe?"

The skills shortage is widespread, with advertised positions ranging from entry level security analysts, who typically earn around $75,000, to software engineers and IT managers on six-figure salaries.

Peoplebank, which promotes itself as the country's largest IT and telecommunication recruitment company, believes the problem is likely to get worse.

"We're expecting that it could be quite a severe shortage in a couple of years' time, as demand continues to exceed supply of candidates," the company's chief executive officer, Peter Acheson, told Background Briefing.

Mr Acheson puts the trend down to small and medium-sized businesses shifting away from cash transactions and paperwork.

"We've seen a dramatic change in the way Australian businesses do business," he said.

"The big buzz word, I guess, is what we'd call digital transformation, which is essentially changing the way that organisations transact, from being manual paper-based transactions to fully electronic or fully digital."

Others trace the origins of the skills shortage back to the early 2000s, when various American states, including California, introduced mandatory data breach reporting schemes, forcing businesses that were hacked to fess up to authorities.

"As soon as that happened, it became a board-level issue if you got hacked, because it got in the press and affected the share price," Richard Buckland, a professor of cyber crime, cyber war and cyber terror at UNSW, said.

"There was a massive gobbling up of IT professionals and security professionals around the world. America got most of the really good ones … from the other countries."

There has since been an exodus of expertise from Australia, with some of nation's best and brightest heading abroad to pursue exciting job opportunities and higher salaries on offer in places like Silicon Valley.

"If you're working in the valley and you're working in the security field, it seems to be the most common accent you hear is Australian," Craig Davies, a former chief security information officer with Australian software company Atlassian, said.

Mr Davies, who recently returned home to head up the federal government's Australian Cyber Security Growth Network, is now tasked with developing a thriving local industry.

"We want to grow a very strong cybersecurity ecosystem here in this country — and that's from research, through to commercialisation, through to jobs and companies and opportunities."

Companies investing in education design

In a sign of just how urgent the skills shortage has become, major Australian companies are seeking a greater degree of involvement in education and training to ensure graduates are job-ready as soon as they complete their studies.

At Box Hill Institute of TAFE in Melbourne, students can complete a Certificate IV level qualification in cyber security, with an advanced diploma to be introduced soon.

The course has been designed with input from financial institutions, telecommunications companies, and IT service providers.

"We've been seeing multiple organisations coming through to the classes and talking to us about what they do, and saying they will be looking for cybersecurity professionals," student Zachary Mikus said.

Mr Mikus is now completing a traineeship with a major bank.

He said employers looking for entry-level security analysts wanted to ensure that students were learning skills directly relevant to the work they would be required to do in the real world.

"They are saying: 'This is what we want out of people and we're going to give you the information and could you please create this course for us'," he said.

But it could take years to grow the talent pool and there remains a large appetite for foreign workers, especially those with specialist skills.

Universities are concerned changes to the Federal Government's skilled migration program, announced in April, will make it difficult to attract expertise to their institutions.

Under the changes, university lecturers and research fellows who come to Australia on short-term temporary visas will no longer have a pathway to permanent residency.

"The residency provision is one of the most attractive elements of the Australian skilled migration program, and we really need to open that up in a big way, not be limiting it," Greg Austin, a professor at the Centre of Cyber Security at the Australian Defence Force Academy in Canberra, said.

"The whole country needs high-tech workers, we need high-tech scientists, and we need them in very large numbers."

"Normally we would like to hire people right out of a PhD or even before to come to Australia to work in academia," Michael Bruenig, head of the University of Queensland's School of Information Technology and Electrical Engineering, said.

"If you have a requirement of two years' work experience as a minimum, this would be very difficult and it would be tampering with a well-working academic system relying on fresh young graduates to come into the country."

In a statement to Background Briefing, the Immigration Department said the changes are not set in stone, with a review of policy settings to take place next month.

Professor Bruenig, who himself arrived in Australia through the recently abolished 457 visa scheme, said he was hopeful the government would change its mind.

"In cyber security, we're trying to build capacity in the country and it's quite important that we bring new talent into this area."